As a suggestion, you may want to encode the URL in some way to prevent people from typing what they want into the variable, then decode it when setting your header (as @MrSil's answer)
–
ChrisForrenceOct 15 '12 at 17:11

You could check to see if the referrer domain is mydomain.com
–
PrasanthOct 15 '12 at 17:11

1

What I mean is, I want to ensure that the visitor is clicking the link within my site. I do not want other people to use my redirector externally.
–
Henrik PettersonOct 15 '12 at 17:12

This is an excellent answer. Out of curiosity, how can this script be spoofed?
–
Henrik PettersonOct 15 '12 at 17:32

Also, can you please add the header redirect code in there as well so that I can accept this answer as correct. Sorry if I am confused but I cannot see where the $_GET['url' part is...
–
Henrik PettersonOct 15 '12 at 17:35